CVE-2026-44592

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

CVE-2026-44592 Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

WordPress Posts Like Dislike Plugin <= 1.1.0 is vulnerable to Broken Access Control

Software Posts Like Dislike Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41849 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 84d7be11cdd9 Credits Elliot Required privilege...

WordPress Custom User Guide Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Custom User Guide Type Plugin Vulnerable versions = 1.0.1 Fixed in 1.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 73064f77dce5 Credits Rafie Muhammad Patchstack...